Blue-Green deployments using Azure Traffic Manager
Azure Traffic Manager, Azure’s DNS based load balancing solution, is used by customers for a wide variety of use cases including routing a global user base to endpoints on Azure that will give them the fastest, low latency experience, providing seamless auto-failover for mission critical workloads and migration from on-premises to the cloud. One key use case where customers leverage Traffic Manager is to make their software deployments smoother with minimal impact to their users by implementing a Blue-Green deployment process using Traffic Manager’s weighted round-robin routing method. This blog will show how we can implement Blue-Green deployment using Traffic Manager, but before we dive deep, let us discuss what we mean by Blue-Green deployment.
Blue-Green deployment is a software rollout method that can reduce the impact of interruptions caused due to issues in the new version being deployed. This is achieved by exposing the new version of the software to a limited set of users and expanding that user base gradually until everyone is using the new version. If at any time the new version is causing issues, for example a broken authentication workflow in the new version of a web application, all the users can be instantly* redirected to the old version.
This is achieved by running two matching virtual environments known as Blue and Green. Normally just one environment (Blue) serves all user traffic and the other environment (Green) is either absent or is idle. During a production deployment to the Green environment, Traffic Manager can be used to gradually send more and more users from Blue to Green while continuously testing the Green environment with live traffic.
For your workloads that are running in Azure, the recommendation is to setup the Blue environment, which has the old code, and Green environment, which has the new code, in separate Azure Resource Manager groups. If the endpoint is external, you can use any continuous integration and deployment tool to manage and deploy the two environments. Once you have the environments ready you can create a Traffic Manager profile using the Azure portal, PowerShell, or CLI, with weighted round-robin as the routing method and add the endpoints corresponding to these environments.
In this example we set the first endpoint Blue.contoso.com with a weight of 1,000 and the second endpoint Green.contoso.com with a weight of 1. This ensures that all traffic goes to Blue environment and no traffic is routed to the Green environment. This is the initial state of the Blue-Green deployment.
All the traffic is sent to the Blue environment
At this point you should setup your client application to NOT connect directly to the endpoints, but to go through Traffic Manager by using the DNS name of the profile you had created (this DNS name will end with trafficmanager.net).
Pro tip: You can use Azure DNS to host your custom domain name and then point that to the Traffic Manager DNS name. This way your client applications and users can use an easy to remember name to access your service through Traffic Manager. You can find more information on how to do this in the Azure DNS documentation page.
Once you have updated the Green environment with the latest version you want to rollout, you can steadily increase the weightage of the Green environment so that a limited number of users are now being directed to there. You will then monitor, using Azure Monitor or Azure Network Watcher, the experience of those users to see if more users can be exposed to the Green environment or whether you need to stop sending users to it.
A portion of traffic is sent to the Green environment
This process of measuring impact and changing the settings is a step function which can be automated with a continuous deployment pipeline (e.g. using Jenkins, Terraform, and Azure Resource Manager templates). If the deployment is a web application running on Azure Web Apps, then you can simply use Visual Studio to execute most of the Blue-Green deployment.
You can keep going up or down in the weightage given to the Green environment until your software deployment is complete and all traffic is now directed to the Green environment running the new version of your software.
All the traffic is sent to the Green environment
Azure Traffic Manager makes this process of safely deploying using the Blue-Green methodology seamless, granular, and fast acting*. Above all, you are in control here when it comes to deciding how fast or how slow you wish to ramp up the Green environment.
*The DNS response TTL value you have set in your profile affects how soon you can increase or decrease traffic to an endpoint. For more details, please visit the Azure Traffic Manager FAQ.